ID

VAR-202207-0708


CVE

CVE-2022-33701


TITLE

Samsung KnoxCustomManagerService Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-70738

DESCRIPTION

An improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows an attacker to call the PowerManager.goToSleep method, which is protected by a system permission, by sending a broadcast intent. Samsung KnoxCustomManagerService is a security solution from Samsung (South Korea) based on the open source Android platform. It can comprehensively enhance security by combining physical means and software systems, and is perfectly compatible with Android and Google ecosystems. Individual employees bring industry-leading enterprise mobility security solutions. An access control error vulnerability exists in Samsung KnoxCustomManagerService that stems from the lack of protection for broadcast intents in KnoxCustomManagerService. An attacker could exploit this vulnerability to call PowerManager.goToSleep by sending a broadcast intent.

Trust: 1.53

sources: NVD: CVE-2022-33701 // CNVD: CNVD-2022-70738 // VULMON: CVE-2022-33701

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-70738

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 12.0

Trust: 1.0

vendor: google, model: android, scope: eq, version: 10.0

Trust: 1.0

vendor: google, model: android, scope: eq, version: 11.0

Trust: 1.0

vendor: samsung, model: mobile devices q, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile devices r, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile devices s, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-70738 // NVD: CVE-2022-33701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33701
value: LOW

Trust: 1.0

mobile.security@samsung.com: CVE-2022-33701
value: LOW

Trust: 1.0

CNVD: CNVD-2022-70738
value: LOW

Trust: 0.6

CNNVD: CNNVD-202207-1011
value: LOW

Trust: 0.6

VULMON: CVE-2022-33701
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-33701
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-70738
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-33701
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-33701
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-70738 // VULMON: CVE-2022-33701 // CNNVD: CNNVD-202207-1011 // NVD: CVE-2022-33701 // NVD: CVE-2022-33701

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: CWE-284

Trust: 1.0

sources: NVD: CVE-2022-33701

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1011

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-1011

PATCH

title: Patch for Samsung KnoxCustomManagerService Access Control Error Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/356731

Trust: 0.6

title: SAMSUNG Mobile devices Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=200400

Trust: 0.6

sources: CNVD: CNVD-2022-70738 // CNNVD: CNNVD-202207-1011

EXTERNAL IDS

db: NVD, id: CVE-2022-33701

Trust: 2.3

db: CNVD, id: CNVD-2022-70738

Trust: 0.6

db: CNNVD, id: CNNVD-202207-1011

Trust: 0.6

db: VULMON, id: CVE-2022-33701

Trust: 0.1

sources: CNVD: CNVD-2022-70738 // VULMON: CVE-2022-33701 // CNNVD: CNNVD-202207-1011 // NVD: CVE-2022-33701

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-33701

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-33701/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/829.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-70738 // VULMON: CVE-2022-33701 // CNNVD: CNNVD-202207-1011 // NVD: CVE-2022-33701

SOURCES

db: CNVD, id: CNVD-2022-70738
db: VULMON, id: CVE-2022-33701
db: CNNVD, id: CNNVD-202207-1011
db: NVD, id: CVE-2022-33701

LAST UPDATE DATE

2024-08-14T13:53:11.423000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-70738, date: 2022-10-24T00:00:00
db: VULMON, id: CVE-2022-33701, date: 2022-07-16T00:00:00
db: CNNVD, id: CNNVD-202207-1011, date: 2023-07-24T00:00:00
db: NVD, id: CVE-2022-33701, date: 2023-07-21T17:47:31.997

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-70738, date: 2022-10-24T00:00:00
db: VULMON, id: CVE-2022-33701, date: 2022-07-12T00:00:00
db: CNNVD, id: CNNVD-202207-1011, date: 2022-07-12T00:00:00
db: NVD, id: CVE-2022-33701, date: 2022-07-12T14:15:17.933